**Summary:**
Any unauthenticated/anonymous users are able to access the SharePoint Web Services (.wsdl files) for the ????? Initiative website.
**Description:**
The SharePoint installation for this particular site allows any user to access the spdisco.aspx on the web server which discloses the location of of all SharePoint’s web service endpoints. The URL is: https://?????/??????/_vti_bin/spdisco.aspx
## Impact
An adversary may utilize the exposed information about the web services to mount specific attacks against this SharePoint site. It may allow the attacker to communicate with the web service to further identify potential weaknesses and further compromise the system.
## Step-by-step Reproduction Instructions
1. Navigate to https://???????/??????????/_vti_bin/spdisco.aspx
## Product, Version, and Configuration (If applicable)
## Suggested Mitigation/Remediation Actions
Disable anonymous access to spdisco.aspx
## Impact
An adversary may utilize the exposed information about the web services to mount specific attacks against this SharePoint site. It may allow the attacker to communicate with the web service to further identify potential weaknesses and further compromise the system.Read More
References
Back to Main